
Updated Debian 12: 12.7 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 12: 12.7 released                        press@debian.org
August 31st, 2024              https://www.debian.org/News/2024/20240831
------------------------------------------------------------------------


The Debian project is pleased to announce the seventh update of its
stable distribution Debian 12 (codename "bookworm"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Secure Boot and other operating systems
---------------------------------------

Users who boot other operating systems on the same hardware, and who
have Secure Boot enabled, should be aware that shim 15.8 (included with
Debian 12.7) revokes signatures across older versions of shim in the
UEFI firmware. This may leave other operating systems using shim before
15.8 unable to boot.

Affected users can temporarily disable Secure Boot before updating other
operating systems.
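Before applying this point release on a machine that dual-boots with Secure Boot enabled, an operator will want to know three things: whether Secure Boot is actually being enforced, which shim-signed version is currently installed, and which SBAT revocation level the firmware already applies (the mechanism by which shim 15.8 revokes older shims). The POSIX shell script below is an added example and not part of the Debian announcement. It assumes efivarfs is mounted at /sys/firmware/efi/efivars, that dpkg is available, and that the firmware exposes the standard SecureBoot variable and the shim-maintained SbatLevelRT variable (the latter is only present when the system was booted through a shim that mirrors it); the function names sb_state_from_file, sbat_level_from_file and installed_shim_version are this example's own.

```shell
#!/bin/sh
# Added example: pre-upgrade Secure Boot / shim readiness report for a
# dual-boot host. Not part of the Debian announcement.
# Assumptions: efivarfs at /sys/firmware/efi/efivars, dpkg present.

EFIVARS=/sys/firmware/efi/efivars
# EFI_GLOBAL_VARIABLE GUID: the firmware's SecureBoot enforcement flag
SB_VAR="$EFIVARS/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# SHIM_LOCK GUID: runtime copy of the SBAT revocation level shim applied
SBAT_VAR="$EFIVARS/SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23"

# Every efivarfs file starts with 4 bytes of variable attributes, followed
# by the variable data. SecureBoot's data is a single byte: 1 = enforced,
# 0 = disabled. Takes the file path as an argument so the parser can be
# exercised on a constructed file; prints enabled, disabled or unknown.
sb_state_from_file() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # skip the 4 attribute bytes and read the first data byte as decimal
    byte=$(od -An -t u1 -j 4 -N 1 "$1" | tr -d ' ')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints the SBAT level text (attribute bytes stripped, NULs removed),
# or nothing if the variable is not exposed. One "component,generation"
# entry per line; a higher generation means older shims are revoked.
sbat_level_from_file() {
    [ -r "$1" ] || return 0
    tail -c +5 "$1" | tr -d '\000'
}

# Installed version of the signed shim package, or a marker if absent.
installed_shim_version() {
    dpkg-query -W -f '${Version}\n' shim-signed 2>/dev/null \
        || echo "not installed"
}

main() {
    echo "Secure Boot : $(sb_state_from_file "$SB_VAR")"
    echo "shim-signed : $(installed_shim_version)"
    echo "SBAT level currently applied by firmware (SbatLevelRT):"
    lvl=$(sbat_level_from_file "$SBAT_VAR")
    if [ -n "$lvl" ]; then
        printf '%s\n' "$lvl" | sed 's/^/  /'
    else
        echo "  (not exposed: variable absent or not booted via shim)"
    fi
}

main
```

Run it as root (efivarfs variables are root-readable by default) on each operating system that shares the firmware. If Secure Boot reports enabled and another installed system still ships a shim older than 15.8, update that system first or temporarily disable Secure Boot as the announcement advises; the SbatLevelRT lines show what the firmware will already refuse to boot.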


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| amd64-microcode [1]      | New upstream release; security fixes     |
|                          | [CVE-2023-31315]; SEV firmware fixes     |
|                          | [CVE-2023-20584 CVE-2023-31356]          |
|                          |                                          |
| ansible [2]              | New upstream stable release; fix key     |
|                          | leakage issue [CVE-2023-4237]            |
|                          |                                          |
| ansible-core [3]         | New upstream stable release; fix         |
|                          | information disclosure issue [CVE-2024-  |
|                          | 0690]; fix template injection issue      |
|                          | [CVE-2023-5764]; fix path traversal      |
|                          | issue [CVE-2023-5115]                    |
|                          |                                          |
| apache2 [4]              | New upstream stable release; fix content |
|                          | disclosure issue [CVE-2024-40725]        |
|                          |                                          |
| base-files [5]           | Update for the point release             |
|                          |                                          |
| cacti [6]                | Fix remote code execution issues         |
|                          | [CVE-2024-25641 CVE-2024-31459], cross   |
|                          | site scripting issues [CVE-2024-29894    |
|                          | CVE-2024-31443 CVE-2024-31444], SQL      |
|                          | injection issues [CVE-2024-31445         |
|                          | CVE-2024-31458 CVE-2024-31460], "type    |
|                          | juggling" issue [CVE-2024-34340]; fix    |
|                          | autopkgtest failure                      |
|                          |                                          |
| calamares-settings-      | Fix Xfce launcher permission issue       |
| debian [7]               |                                          |
|                          |                                          |
| calibre [8]              | Fix remote code execution issue          |
|                          | [CVE-2024-6782], cross site scripting    |
|                          | issue [CVE-2024-7008], SQL injection     |
|                          | issue [CVE-2024-7009]                    |
|                          |                                          |
| choose-mirror [9]        | Update list of available mirrors         |
|                          |                                          |
| cockpit [10]             | Fix denial of service issue [CVE-2024-   |
|                          | 6126]                                    |
|                          |                                          |
| cups [11]                | Fix issues with domain socket handling   |
|                          | [CVE-2024-35235]                         |
|                          |                                          |
| curl [12]                | Fix ASN.1 date parser overread issue     |
|                          | [CVE-2024-7264]                          |
|                          |                                          |
| cyrus-imapd [13]         | Fix regression introduced in CVE-2024-   |
|                          | 34055 fix                                |
|                          |                                          |
| dcm2niix [14]            | Fix potential code execution issue       |
|                          | [CVE-2024-27629]                         |
|                          |                                          |
| debian-installer [15]    | Increase Linux kernel ABI to 6.1.0-25;   |
|                          | rebuild against proposed-updates         |
|                          |                                          |
| debian-installer-        | Rebuild against proposed-updates         |
| netboot-images [16]      |                                          |
|                          |                                          |
| dmitry [17]              | Security fixes [CVE-2024-31837 CVE-2020- |
|                          | 14931 CVE-2017-7938]                     |
|                          |                                          |
| dropbear [18]            | Fix "noremotetcp" behaviour of           |
|                          | keepalive packets in combination with    |
|                          | the "no-port-forwarding"                 |
|                          | authorized_keys(5) restriction           |
|                          |                                          |
| gettext.js [19]          | Fix server side request forgery issue    |
|                          | [CVE-2024-43370]                         |
|                          |                                          |
| glibc [20]               | Fix freeing uninitialized memory in      |
|                          | libc_freeres_fn(); fix several           |
|                          | performance issues and possible crashes  |
|                          |                                          |
| glogic [21]              | Require Gtk 3.0 and PangoCairo 1.0       |
|                          |                                          |
| graphviz [22]            | Fix broken scale                         |
|                          |                                          |
| gtk+2.0 [23]             | Avoid looking for modules in the current |
|                          | working directory [CVE-2024-6655]        |
|                          |                                          |
| gtk+3.0 [24]             | Avoid looking for modules in the current |
|                          | working directory [CVE-2024-6655]        |
|                          |                                          |
| imagemagick [25]         | Fix segmentation fault issue; fix        |
|                          | incomplete fix for CVE-2023-34151        |
|                          |                                          |
| initramfs-tools [26]     | hook_functions: Fix copy_file with       |
|                          | source including a directory symlink;    |
|                          | hook-functions: copy_file: Canonicalise  |
|                          | target filename; install hid-multitouch  |
|                          | module for Surface Pro 4 Keyboard; add   |
|                          | hyper-keyboard module, needed to enter   |
|                          | LUKS password in Hyper-V;                |
|                          | auto_add_modules: Add onboard_usb_hub,   |
|                          | onboard_usb_dev                          |
|                          |                                          |
| intel-microcode [27]     | New upstream release; security fixes     |
|                          | [CVE-2023-42667 CVE-2023-49141 CVE-2024- |
|                          | 24853 CVE-2024-24980 CVE-2024-25939]     |
|                          |                                          |
| ipmitool [28]            | Add missing enterprise-numbers.txt file  |
|                          |                                          |
| libapache2-mod-auth-     | Avoid crash when the Forwarded header is |
| openidc [29]             | not present but OIDCXForwardedHeaders is |
|                          | configured for it                        |
|                          |                                          |
| libnvme [30]             | Fix buffer overflow during scanning      |
|                          | devices that do not support sub-4k reads |
|                          |                                          |
| libvirt [31]             | virsh: Make domif-setlink work more than |
|                          | once; qemu: domain: Fix logic when       |
|                          | tainting domain; fix denial of service   |
|                          | issues [CVE-2023-3750 CVE-2024-1441      |
|                          | CVE-2024-2494 CVE-2024-2496]             |
|                          |                                          |
| linux [32]               | New upstream release; bump ABI to 25     |
|                          |                                          |
| linux-signed-amd64 [33]  | New upstream release; bump ABI to 25     |
|                          |                                          |
| linux-signed-arm64 [34]  | New upstream release; bump ABI to 25     |
|                          |                                          |
| linux-signed-i386 [35]   | New upstream release; bump ABI to 25     |
|                          |                                          |
| newlib [36]              | Fix buffer overflow issue [CVE-2021-     |
|                          | 3420]                                    |
|                          |                                          |
| numpy [37]               | Conflict with python-numpy               |
|                          |                                          |
| openssl [38]             | New upstream stable release; fix denial  |
|                          | of service issues [CVE-2024-2511         |
|                          | CVE-2024-4603]; fix use after free issue |
|                          | [CVE-2024-4741]                          |
|                          |                                          |
| poe.app [39]             | Make comment cells editable; fix drawing |
|                          | when an NSActionCell in the preferences  |
|                          | is acted on to change state              |
|                          |                                          |
| putty [40]               | Fix weak ECDSA nonce generation allowing |
|                          | secret key recovery [CVE-2024-31497]     |
|                          |                                          |
| qemu [41]                | New upstream stable release; fix denial  |
|                          | of service issue [CVE-2024-4467]         |
|                          |                                          |
| riemann-c-client [42]    | Prevent malformed payload in GnuTLS      |
|                          | send/receive operations                  |
|                          |                                          |
| rustc-web [43]           | New upstream stable release, to support  |
|                          | building new chromium and firefox-esr    |
|                          | versions                                 |
|                          |                                          |
| shim [44]                | New upstream release                     |
|                          |                                          |
| shim-helpers-amd64-      | Rebuild against shim 15.8.1              |
| signed [45]              |                                          |
|                          |                                          |
| shim-helpers-arm64-      | Rebuild against shim 15.8.1              |
| signed [46]              |                                          |
|                          |                                          |
| shim-helpers-i386-       | Rebuild against shim 15.8.1              |
| signed [47]              |                                          |
|                          |                                          |
| shim-signed [48]         | New upstream stable release              |
|                          |                                          |
| systemd [49]             | New upstream stable release; update hwdb |
|                          |                                          |
| usb.ids [50]             | Update included data list                |
|                          |                                          |
| xmedcon [51]             | Fix buffer overflow issue [CVE-2024-     |
|                          | 29421]                                   |
|                          |                                          |
+--------------------------+------------------------------------------+

    1: https://packages.debian.org/src:amd64-microcode
    2: https://packages.debian.org/src:ansible
    3: https://packages.debian.org/src:ansible-core
    4: https://packages.debian.org/src:apache2
    5: https://packages.debian.org/src:base-files
    6: https://packages.debian.org/src:cacti
    7: https://packages.debian.org/src:calamares-settings-debian
    8: https://packages.debian.org/src:calibre
    9: https://packages.debian.org/src:choose-mirror
   10: https://packages.debian.org/src:cockpit
   11: https://packages.debian.org/src:cups
   12: https://packages.debian.org/src:curl
   13: https://packages.debian.org/src:cyrus-imapd
   14: https://packages.debian.org/src:dcm2niix
   15: https://packages.debian.org/src:debian-installer
   16: https://packages.debian.org/src:debian-installer-netboot-images
   17: https://packages.debian.org/src:dmitry
   18: https://packages.debian.org/src:dropbear
   19: https://packages.debian.org/src:gettext.js
   20: https://packages.debian.org/src:glibc
   21: https://packages.debian.org/src:glogic
   22: https://packages.debian.org/src:graphviz
   23: https://packages.debian.org/src:gtk+2.0
   24: https://packages.debian.org/src:gtk+3.0
   25: https://packages.debian.org/src:imagemagick
   26: https://packages.debian.org/src:initramfs-tools
   27: https://packages.debian.org/src:intel-microcode
   28: https://packages.debian.org/src:ipmitool
   29: https://packages.debian.org/src:libapache2-mod-auth-openidc
   30: https://packages.debian.org/src:libnvme
   31: https://packages.debian.org/src:libvirt
   32: https://packages.debian.org/src:linux
   33: https://packages.debian.org/src:linux-signed-amd64
   34: https://packages.debian.org/src:linux-signed-arm64
   35: https://packages.debian.org/src:linux-signed-i386
   36: https://packages.debian.org/src:newlib
   37: https://packages.debian.org/src:numpy
   38: https://packages.debian.org/src:openssl
   39: https://packages.debian.org/src:poe.app
   40: https://packages.debian.org/src:putty
   41: https://packages.debian.org/src:qemu
   42: https://packages.debian.org/src:riemann-c-client
   43: https://packages.debian.org/src:rustc-web
   44: https://packages.debian.org/src:shim
   45: https://packages.debian.org/src:shim-helpers-amd64-signed
   46: https://packages.debian.org/src:shim-helpers-arm64-signed
   47: https://packages.debian.org/src:shim-helpers-i386-signed
   48: https://packages.debian.org/src:shim-signed
   49: https://packages.debian.org/src:systemd
   50: https://packages.debian.org/src:usb.ids
   51: https://packages.debian.org/src:xmedcon

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+--------------------------+
| Advisory ID    | Package                  |
+----------------+--------------------------+
| DSA-5617 [52]  | chromium [53]            |
|                |                          |
| DSA-5629 [54]  | chromium [55]            |
|                |                          |
| DSA-5634 [56]  | chromium [57]            |
|                |                          |
| DSA-5636 [58]  | chromium [59]            |
|                |                          |
| DSA-5639 [60]  | chromium [61]            |
|                |                          |
| DSA-5648 [62]  | chromium [63]            |
|                |                          |
| DSA-5654 [64]  | chromium [65]            |
|                |                          |
| DSA-5656 [66]  | chromium [67]            |
|                |                          |
| DSA-5668 [68]  | chromium [69]            |
|                |                          |
| DSA-5675 [70]  | chromium [71]            |
|                |                          |
| DSA-5676 [72]  | chromium [73]            |
|                |                          |
| DSA-5683 [74]  | chromium [75]            |
|                |                          |
| DSA-5687 [76]  | chromium [77]            |
|                |                          |
| DSA-5689 [78]  | chromium [79]            |
|                |                          |
| DSA-5694 [80]  | chromium [81]            |
|                |                          |
| DSA-5696 [82]  | chromium [83]            |
|                |                          |
| DSA-5697 [84]  | chromium [85]            |
|                |                          |
| DSA-5701 [86]  | chromium [87]            |
|                |                          |
| DSA-5710 [88]  | chromium [89]            |
|                |                          |
| DSA-5716 [90]  | chromium [91]            |
|                |                          |
| DSA-5719 [92]  | emacs [93]               |
|                |                          |
| DSA-5720 [94]  | chromium [95]            |
|                |                          |
| DSA-5722 [96]  | libvpx [97]              |
|                |                          |
| DSA-5723 [98]  | plasma-workspace [99]    |
|                |                          |
| DSA-5724 [100] | openssh [101]            |
|                |                          |
| DSA-5725 [102] | znc [103]                |
|                |                          |
| DSA-5726 [104] | krb5 [105]               |
|                |                          |
| DSA-5727 [106] | firefox-esr [107]        |
|                |                          |
| DSA-5728 [108] | exim4 [109]              |
|                |                          |
| DSA-5729 [110] | apache2 [111]            |
|                |                          |
| DSA-5731 [112] | linux-signed-amd64 [113] |
|                |                          |
| DSA-5731 [114] | linux-signed-arm64 [115] |
|                |                          |
| DSA-5731 [116] | linux-signed-i386 [117]  |
|                |                          |
| DSA-5731 [118] | linux [119]              |
|                |                          |
| DSA-5732 [120] | chromium [121]           |
|                |                          |
| DSA-5734 [122] | bind9 [123]              |
|                |                          |
| DSA-5735 [124] | chromium [125]           |
|                |                          |
| DSA-5737 [126] | libreoffice [127]        |
|                |                          |
| DSA-5738 [128] | openjdk-17 [129]         |
|                |                          |
| DSA-5739 [130] | wpa [131]                |
|                |                          |
| DSA-5740 [132] | firefox-esr [133]        |
|                |                          |
| DSA-5741 [134] | chromium [135]           |
|                |                          |
| DSA-5743 [136] | roundcube [137]          |
|                |                          |
| DSA-5745 [138] | postgresql-15 [139]      |
|                |                          |
| DSA-5748 [140] | ffmpeg [141]             |
|                |                          |
| DSA-5749 [142] | bubblewrap [143]         |
|                |                          |
| DSA-5749 [144] | flatpak [145]            |
|                |                          |
| DSA-5750 [146] | python-asyncssh [147]    |
|                |                          |
| DSA-5751 [148] | squid [149]              |
|                |                          |
| DSA-5752 [150] | dovecot [151]            |
|                |                          |
| DSA-5753 [152] | aom [153]                |
|                |                          |
| DSA-5754 [154] | cinder [155]             |
|                |                          |
| DSA-5755 [156] | glance [157]             |
|                |                          |
| DSA-5756 [158] | nova [159]               |
|                |                          |
| DSA-5757 [160] | chromium [161]           |
|                |                          |
+----------------+--------------------------+

   52: https://www.debian.org/security/2024/dsa-5617
   53: https://packages.debian.org/src:chromium
   54: https://www.debian.org/security/2024/dsa-5629
   55: https://packages.debian.org/src:chromium
   56: https://www.debian.org/security/2024/dsa-5634
   57: https://packages.debian.org/src:chromium
   58: https://www.debian.org/security/2024/dsa-5636
   59: https://packages.debian.org/src:chromium
   60: https://www.debian.org/security/2024/dsa-5639
   61: https://packages.debian.org/src:chromium
   62: https://www.debian.org/security/2024/dsa-5648
   63: https://packages.debian.org/src:chromium
   64: https://www.debian.org/security/2024/dsa-5654
   65: https://packages.debian.org/src:chromium
   66: https://www.debian.org/security/2024/dsa-5656
   67: https://packages.debian.org/src:chromium
   68: https://www.debian.org/security/2024/dsa-5668
   69: https://packages.debian.org/src:chromium
   70: https://www.debian.org/security/2024/dsa-5675
   71: https://packages.debian.org/src:chromium
   72: https://www.debian.org/security/2024/dsa-5676
   73: https://packages.debian.org/src:chromium
   74: https://www.debian.org/security/2024/dsa-5683
   75: https://packages.debian.org/src:chromium
   76: https://www.debian.org/security/2024/dsa-5687
   77: https://packages.debian.org/src:chromium
   78: https://www.debian.org/security/2024/dsa-5689
   79: https://packages.debian.org/src:chromium
   80: https://www.debian.org/security/2024/dsa-5694
   81: https://packages.debian.org/src:chromium
   82: https://www.debian.org/security/2024/dsa-5696
   83: https://packages.debian.org/src:chromium
   84: https://www.debian.org/security/2024/dsa-5697
   85: https://packages.debian.org/src:chromium
   86: https://www.debian.org/security/2024/dsa-5701
   87: https://packages.debian.org/src:chromium
   88: https://www.debian.org/security/2024/dsa-5710
   89: https://packages.debian.org/src:chromium
   90: https://www.debian.org/security/2024/dsa-5716
   91: https://packages.debian.org/src:chromium
   92: https://www.debian.org/security/2024/dsa-5719
   93: https://packages.debian.org/src:emacs
   94: https://www.debian.org/security/2024/dsa-5720
   95: https://packages.debian.org/src:chromium
   96: https://www.debian.org/security/2024/dsa-5722
   97: https://packages.debian.org/src:libvpx
   98: https://www.debian.org/security/2024/dsa-5723
   99: https://packages.debian.org/src:plasma-workspace
  100: https://www.debian.org/security/2024/dsa-5724
  101: https://packages.debian.org/src:openssh
  102: https://www.debian.org/security/2024/dsa-5725
  103: https://packages.debian.org/src:znc
  104: https://www.debian.org/security/2024/dsa-5726
  105: https://packages.debian.org/src:krb5
  106: https://www.debian.org/security/2024/dsa-5727
  107: https://packages.debian.org/src:firefox-esr
  108: https://www.debian.org/security/2024/dsa-5728
  109: https://packages.debian.org/src:exim4
  110: https://www.debian.org/security/2024/dsa-5729
  111: https://packages.debian.org/src:apache2
  112: https://www.debian.org/security/2024/dsa-5731
  113: https://packages.debian.org/src:linux-signed-amd64
  114: https://www.debian.org/security/2024/dsa-5731
  115: https://packages.debian.org/src:linux-signed-arm64
  116: https://www.debian.org/security/2024/dsa-5731
  117: https://packages.debian.org/src:linux-signed-i386
  118: https://www.debian.org/security/2024/dsa-5731
  119: https://packages.debian.org/src:linux
  120: https://www.debian.org/security/2024/dsa-5732
  121: https://packages.debian.org/src:chromium
  122: https://www.debian.org/security/2024/dsa-5734
  123: https://packages.debian.org/src:bind9
  124: https://www.debian.org/security/2024/dsa-5735
  125: https://packages.debian.org/src:chromium
  126: https://www.debian.org/security/2024/dsa-5737
  127: https://packages.debian.org/src:libreoffice
  128: https://www.debian.org/security/2024/dsa-5738
  129: https://packages.debian.org/src:openjdk-17
  130: https://www.debian.org/security/2024/dsa-5739
  131: https://packages.debian.org/src:wpa
  132: https://www.debian.org/security/2024/dsa-5740
  133: https://packages.debian.org/src:firefox-esr
  134: https://www.debian.org/security/2024/dsa-5741
  135: https://packages.debian.org/src:chromium
  136: https://www.debian.org/security/2024/dsa-5743
  137: https://packages.debian.org/src:roundcube
  138: https://www.debian.org/security/2024/dsa-5745
  139: https://packages.debian.org/src:postgresql-15
  140: https://www.debian.org/security/2024/dsa-5748
  141: https://packages.debian.org/src:ffmpeg
  142: https://www.debian.org/security/2024/dsa-5749
  143: https://packages.debian.org/src:bubblewrap
  144: https://www.debian.org/security/2024/dsa-5749
  145: https://packages.debian.org/src:flatpak
  146: https://www.debian.org/security/2024/dsa-5750
  147: https://packages.debian.org/src:python-asyncssh
  148: https://www.debian.org/security/2024/dsa-5751
  149: https://packages.debian.org/src:squid
  150: https://www.debian.org/security/2024/dsa-5752
  151: https://packages.debian.org/src:dovecot
  152: https://www.debian.org/security/2024/dsa-5753
  153: https://packages.debian.org/src:aom
  154: https://www.debian.org/security/2024/dsa-5754
  155: https://packages.debian.org/src:cinder
  156: https://www.debian.org/security/2024/dsa-5755
  157: https://packages.debian.org/src:glance
  158: https://www.debian.org/security/2024/dsa-5756
  159: https://packages.debian.org/src:nova
  160: https://www.debian.org/security/2024/dsa-5757
  161: https://packages.debian.org/src:chromium

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------------+-----------------+
| Package              | Reason          |
+----------------------+-----------------+
| bcachefs-tools [162] | Buggy; obsolete |
|                      |                 |
+----------------------+-----------------+

  162: https://packages.debian.org/src:bcachefs-tools

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog


The current stable distribution:

https://deb.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates


Stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
